From: Nishanth Menon <nm@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 2/4] ARM: Introduce ability to enable invalidate of BTB with ICIALLU on Cortex-A15 for CVE-2017-5715
Date: Tue, 12 Jun 2018 15:24:09 -0500 [thread overview]
Message-ID: <20180612202411.29798-3-nm@ti.com> (raw)
In-Reply-To: <20180612202411.29798-1-nm@ti.com>
As recommended by Arm in [1], ACTLR[0] (Enable invalidates of BTB)
needs to be set[2] for BTB to be invalidated on ICIALLU. This needs to
be done unconditionally for Cortex-A15 processors. Provide a config
option for platforms to enable this option based on impact analysis
for products.
NOTE: This patch in itself is NOT the final solution, this requires:
a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
provide direct access to ACR register.
b) Operating Systems such as Linux to provide adequate workaround in the
right locations.
c) This workaround applies to only the boot processor. It is important
to apply workaround as necessary (context-save-restore) around low
power context loss OR additional processors as necessary in either
firmware support OR elsewhere in OS.
[1] https://developer.arm.com/support/security-update
[2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0438c/BABGHIBG.html
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Tony Lindgren <tony@atomide.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Christoffer Dall <christoffer.dall@linaro.org>
Cc: Andre Przywara <Andre.Przywara@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
---
arch/arm/Kconfig | 4 ++++
arch/arm/cpu/armv7/start.S | 8 ++++++++
2 files changed, 12 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 9e32d5b43cb0..98f58fd27696 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -109,6 +109,7 @@ config SYS_ARM_MPU
# CONFIG_ARM_ERRATA_798870
# CONFIG_ARM_ERRATA_801819
# CONFIG_ARM_CORTEX_A8_CVE_2017_5715
+# CONFIG_ARM_CORTEX_A15_CVE_2017_5715
config ARM_ERRATA_430973
bool
@@ -182,6 +183,9 @@ config ARM_ERRATA_855873
config ARM_CORTEX_A8_CVE_2017_5715
bool
+config ARM_CORTEX_A15_CVE_2017_5715
+ bool
+
config CPU_ARM720T
bool
select SYS_CACHE_SHIFT_5
diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
index 3beaf5a93d81..81edec01bf32 100644
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -241,6 +241,14 @@ skip_errata_798870:
skip_errata_801819:
#endif
+#ifdef CONFIG_ARM_CORTEX_A15_CVE_2017_5715
+ mrc p15, 0, r0, c1, c0, 1 @ read auxilary control register
+ orr r0, r0, #1 << 0 @ Enable invalidates of BTB
+ push {r1-r5} @ Save the cpu info registers
+ bl v7_arch_cp15_set_acr
+ pop {r1-r5} @ Restore the cpu info - fall through
+#endif
+
#ifdef CONFIG_ARM_ERRATA_454179
mrc p15, 0, r0, c1, c0, 1 @ Read ACR
--
2.15.1
next prev parent reply other threads:[~2018-06-12 20:24 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 20:24 [U-Boot] [PATCH 0/4] ARM: Provide workaround setup bits for CVE-2017-5715 (A8/A15) Nishanth Menon
2018-06-12 20:24 ` [U-Boot] [PATCH 1/4] ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715 Nishanth Menon
2018-06-20 14:13 ` Fabio Estevam
2018-06-29 20:53 ` [U-Boot] [U-Boot, " Tom Rini
2018-06-12 20:24 ` Nishanth Menon [this message]
2018-06-12 23:05 ` [U-Boot] [PATCH 2/4] ARM: Introduce ability to enable invalidate of BTB with ICIALLU on Cortex-A15 " Marek Vasut
2018-06-13 13:32 ` Nishanth Menon
2018-06-13 15:46 ` Tom Rini
2018-06-13 21:32 ` Nishanth Menon
2018-06-13 23:06 ` Marek Vasut
2018-06-13 0:30 ` Florian Fainelli
2018-06-13 13:37 ` Nishanth Menon
2018-06-13 21:36 ` Florian Fainelli
2018-06-14 12:46 ` Nishanth Menon
2018-06-20 14:14 ` Fabio Estevam
2018-06-29 20:53 ` [U-Boot] [U-Boot, " Tom Rini
2018-06-12 20:24 ` [U-Boot] [PATCH 3/4] ARM: mach-omap2: omap5/dra7: Enable ACTLR[0] (Enable invalidates of BTB) to facilitate CVE_2017-5715 WA in OS Nishanth Menon
2018-06-12 23:06 ` Marek Vasut
2018-06-13 13:40 ` Nishanth Menon
2018-06-13 17:36 ` Russell King - ARM Linux
2018-06-13 20:36 ` Marek Vasut
2018-06-13 21:31 ` Nishanth Menon
2018-06-13 21:47 ` Russell King - ARM Linux
2018-06-29 20:53 ` [U-Boot] [U-Boot, " Tom Rini
2018-06-12 20:24 ` [U-Boot] [PATCH 4/4] ARM: mach-omap2: omap3/am335x: Enable ACR::IBE on Cortex-A8 SoCs for CVE-2017-5715 Nishanth Menon
2018-06-29 20:53 ` [U-Boot] [U-Boot, " Tom Rini
2018-06-12 23:06 ` [U-Boot] [PATCH 0/4] ARM: Provide workaround setup bits for CVE-2017-5715 (A8/A15) Marek Vasut
2018-06-18 18:48 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180612202411.29798-3-nm@ti.com \
--to=nm@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox